<?php
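session_start();
require_once ('../init.php');
require_once ('includes/lib/func_rightCtrl.php');
require_once ('includes/lib/func_admin.php');
// Access control: runs before any task data is read or changed.
// NOTE(review): admin_rightCtrl() lives in an include that is not visible here;
// confirm it terminates the request for non-admin sessions, because everything
// below assumes an authenticated administrator.
admin_rightCtrl();

// Defaults for the edit form; they stay in place when no task id was supplied
// or when the id matches no row.
$thetid = '';
$theTitle = '';
$theDescription = '';
$theLink = '';

// Accept only a plain string id: `tid[]=...` would otherwise pass an array to
// the prepared statement.
if (isset($_GET['tid']) && is_string($_GET['tid'])) {
    $thetid = $_GET['tid'];
    // The id is bound as a parameter, never concatenated into the SQL text.
    $query = "SELECT `title`,`description`,`link` FROM `tasks` WHERE `tid` = :tid";
    $sth = $dbh->prepare($query);
    $sth->bindParam(":tid", $thetid);
    $sth->execute();
    $result = $sth->fetch();
    // fetch() returns false when no row matches; indexing it would raise
    // warnings and leave the form variables null.
    if ($result !== false) {
        $theTitle = (string) $result['title'];
        // The description is stored with "&nbsp;" for whitespace and "<br>" for
        // line breaks; turn both back into plain text for the textarea.
        $theDescription = str_replace(
            array('&nbsp;', '<br>'),
            array(' ', "\r\n"),
            (string) $result['description']
        );
        $theLink = (string) $result['link'];
    }
}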
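// Encode every value at the point of output. $thetid comes straight from the
// query string and was previously written into an unquoted attribute, so request
// data could add markup to this admin page. Title, description and link are
// entity-encoded by this page's own save handler; double_encode=false leaves
// those entities as they are and still neutralises raw markup that reached the
// table through any other path.
// NOTE(review): 'UTF-8' assumes the page and the stored text are UTF-8 — confirm.
$escapeForForm = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};
$titleAttr = $escapeForForm($theTitle);
$descriptionText = $escapeForForm($theDescription);
$linkAttr = $escapeForForm($theLink);
$tidAttr = $escapeForForm($thetid);

// Edit form: every field is optional, the handler only writes the ones filled in.
echo <<<EOT
<link href="/afctf/css/announce.css" rel="stylesheet" type="text/css" media="all"/>
<link href="/afctf/layui/css/layui.css" rel="stylesheet" type="text/css" media="all"/>
<div class="container">
	<form class="layui-form submain" method='POST' action='/afctf/admin/edit.php?action=deal'>
		<blockquote class="layui-elem-quote">请直接输入你想要修改的部分</blockquote>
		<div class="layui-form-item">
			<label class="layui-form-label">题目名</label>
			<div class="layui-input-block">
				<input name="ed_title" type="text" placeholder="请输入题目名" autocomplete="off" class="layui-input" value="$titleAttr">
			</div>
		</div>
		<div class="layui-form-item layui-form-text">
			<label class="layui-form-label">题目描述</label>
			<div class="layui-input-block">
				<textarea name="ed_description" placeholder="请输入题目描述" class="layui-textarea">$descriptionText</textarea>
			</div>
		</div>
		<div class="layui-form-item">
			<label class="layui-form-label">题目链接</label>
			<div class="layui-input-block">
				<input name="ed_link" type="text" placeholder="请输入题目链接" autocomplete="off" class="layui-input" value="$linkAttr">
			</div>
		</div>
		<div class="layui-form-item">
			<label class="layui-form-label">题目类型</label>
			<div class="layui-input-block">
				<select name="ed_type">
					<option value="">空</option>
					<option value="Web">Web</option>
					<option value="Reverse">Reverse</option>
					<option value="Misc">Misc</option>
					<option value="Crypto">Crypto</option>
				</select>
			</div>
		</div>
		<div class="layui-form-item">
			<label class="layui-form-label">flag</label>
			<div class="layui-input-block">
				<input name="ed_flag" type="text" placeholder="请输入flag" autocomplete="off" class="layui-input">
				<input name="ed_tid" type="hidden" value="$tidAttr">
			</div>
		</div>
		<div style="text-align:center">
            <input class="submit layui-btn" type="submit"  value='提交'>
        </div>
	</form>
</div>
<script type="text/javascript" src="../layui/layui.all.js"></script>
<script type="text/javascript">
	layui.use('element', function(){
		var $ = layui.jquery
  		,element = layui.element; //Tab的切换功能，切换事件监听等，需要依赖element模块
	});
</script>
EOT;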
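	// Handle a submitted edit: only the fields that were filled in are written back.
	// NOTE(review): neither the form nor this handler carries an anti-CSRF token;
	// the only gate visible in this file is admin_rightCtrl(). A token check needs
	// a matching hidden field in the form markup, so it is left as a follow-up.
	if (isset($_GET['action']) && $_GET['action'] === 'deal') {
		// Read a POST field as a string; missing keys and array-valued fields
		// (`ed_title[]=...`) count as "not filled in".
		$readPostField = function ($name) {
			return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
		};

		// One fixed statement per editable column; column names are literals and
		// never come from the request.
		$updateSql = [
			'title' => "UPDATE `tasks` SET `title` = :value WHERE `tid` = :tid",
			'description' => "UPDATE `tasks` SET `description` = :value WHERE `tid` = :tid",
			'link' => "UPDATE `tasks` SET `link` = :value WHERE `tid` = :tid",
			'type' => "UPDATE `tasks` SET `type` = :value WHERE `tid` = :tid",
			'flag' => "UPDATE `tasks` SET `flag` = :value WHERE `tid` = :tid",
		];

		$tid = $readPostField('ed_tid');
		$changes = [];          // column => value to store, in write order
		$flagMalformed = false;

		$titleInput = $readPostField('ed_title');
		if ($titleInput !== '') {
			// Values are stored entity-encoded, as before.
			$changes['title'] = htmlentities($titleInput, ENT_QUOTES);
		}

		$descriptionInput = $readPostField('ed_description');
		if ($descriptionInput !== '') {
			$description = htmlentities($descriptionInput, ENT_QUOTES);
			// Every line-ending style becomes <br>; previously a lone "\n" or "\r"
			// fell through to the whitespace rule and the line break was lost.
			$description = preg_replace('/\r\n|\r|\n/', '<br>', $description);
			$description = preg_replace('/\s/', '&nbsp;', $description);
			$changes['description'] = $description;
		}

		$linkInput = $readPostField('ed_link');
		if ($linkInput !== '') {
			// Prepend http:// unless the value STARTS with an http(s) scheme. The
			// earlier substring test accepted any value that merely contained
			// "http://" somewhere, so the stored link could begin with another scheme.
			if (!preg_match('#^https?://#i', $linkInput)) {
				$linkInput = 'http://' . $linkInput;
			}
			$changes['link'] = htmlentities($linkInput, ENT_QUOTES);
		}

		$typeInput = $readPostField('ed_type');
		if ($typeInput !== '') {
			$changes['type'] = htmlentities($typeInput, ENT_QUOTES);
		}

		$flagInput = $readPostField('ed_flag');
		if ($flagInput !== '') {
			// Expected shape is head{content}. Only the SHA-256 of the content is
			// stored, so the plaintext flag is not kept in the table.
			// Anything else (no brace, nested braces, missing closing brace) used
			// to be stored as the hash of a truncated or empty string; reject it.
			// NOTE(review): the submission checker is not visible here; the stored
			// form for well-shaped flags is unchanged so it stays compatible.
			if (substr_count($flagInput, '{') === 1 && substr($flagInput, -1) === '}') {
				list($flagHead, $flagBody) = explode('{', $flagInput, 2);
				$flagContent = (string) substr($flagBody, 0, -1);
				$changes['flag'] = $flagHead . '{' . hash('sha256', $flagContent) . '}';
			} else {
				$flagMalformed = true;
			}
		}

		if ($flagMalformed) {
			// Nothing is written when the flag cannot be parsed.
			msg_display('flag格式错误', 'error', '#');
		}
		elseif (count($changes) === 0) {
			msg_display('表单未填写', 'error', '#');
		}
		elseif ($tid === '') {
			// Without a task id the updates match no row; do not report success.
			msg_display('缺少题目tid', 'error', '#');
		}
		else {
			foreach ($changes as $column => $value) {
				$sth_update = $dbh->prepare($updateSql[$column]);
				$sth_update->execute([':value' => $value, ':tid' => $tid]);
			}
			msg_display('题目修改成功', 'success', '#');
		}
	}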
?>